Greetings list, Bind 8 issue:
Barry Margolin
barmar at genuity.net
Thu Oct 18 14:46:45 UTC 2001
In article <9qmpmv$b2h at pub3.rc.vix.com>,
Drew J. Weaver <drew.weaver at thenap.com> wrote:
>Well, we can see at ARIN that 206.222.10 >
>
> DNS2.EE.NET 206.222.1.2
> DNS3.EE.NET 206.222.1.3
>
>And that is us, and my question really was why now after 2 years of doing
>this way it all of the sudden needs A records for our modem pools? Im not
>trying to be argumentative im trying to understand what happened to make the
>rules that it runs by suddenly change. Since again, nothing has changed.
I don't know what's changed for you, but the A record requirement is there
to prevent reverse DNS spoofing. Anyone who controls their own reverse DNS
can put in a PTR record that translates their addresses to
something.EE.NET, so the only way to tell whether this is legitimate is to
perform a forward lookup of something.EE.NET and check that you get back
the address you started with.
Perhaps someone upgraded sendmail or tweaked something in its config file
to make it do the extra check.
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list